PT-2026-26831 · WordPress · Post Affiliate Pro
Published: 2026-03-21 · Updated: 2026-03-21 · CVE-2026-2290
CVSS v3.1: 3.8 (Low)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Post Affiliate Pro versions prior to 1.28.1
Description
The Post Affiliate Pro plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF). This allows authenticated attackers with Administrator-level access to initiate arbitrary outbound requests from the application and read the returned response content. Successful exploitation has been confirmed by receiving and observing response data from an external Collaborator endpoint.
Recommendations
Update Post Affiliate Pro to version 1.28.1 or later.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Post Affiliate Pro